HomeMenu
Jesus · Bible · HTML · CSS · JS · PHP · SVG · Applications

hash_equals

Description

The hash_equals of Hash for PHP timing attack safe string comparison.

Syntax

hash_equals(
    string $known_string,
    string $user_string
): bool

Parameters

known_string

The string of known length to compare against

user_string

The user-supplied string

Return

Returns true when the two strings are equal, false otherwise.

Examples

1 · known_string user_string · equal

<?

$algo1 = "sha384";
$data1 = "mydata";
$algo2 = "sha384";
$data2 = "mydata";

$known_string = hash($algo1, $data1);
$user_string = hash($algo2, $data2);

$return = hash_equals($known_string, $user_string);

var_export($return);
true

2 · known_string user_string · unequal algorithm

<?

$algo1 = "sha384";
$data1 = "mydata";
$algo2 = "md5";
$data2 = "mydata";

$known_string = hash($algo1, $data1);
$user_string = hash($algo2, $data2);

$return = hash_equals($known_string, $user_string);

var_export($return);
false

3 · known_string user_string · unequal data

<?

$algo1 = "sha384";
$data1 = "mydata1";
$algo2 = "sha384";
$data2 = "mydata2";

$known_string = hash($algo1, $data1);
$user_string = hash($algo2, $data2);

$return = hash_equals($known_string, $user_string);

var_export($return);
false